Skip to main content

Wireshark 101: Wireshark with Social Networks, HakTip 131

Movies Preview

movies

Wireshark 101: Wireshark with Social Networks, HakTip 131

by
Hak5

Publication date
Topics
Youtube, video, Science & Technology, gadgets, Hack, hack tip, hack tips, hacks, jailbreak, Tech, hak5, haktip, shannon morse, Snubs, Wireshark, https, ssl, http, 433, TCP, plain text, transmit, encrypt,
Today on HakTip, Shannon explains how to tell in Wireshark if a site is transmitting your username and password in plain text when you log in. When I log into twitter, everything is supposed to go through SSL HTTPS encryption. If this is so, then I shouldn't see any plain text passwords roaming about in Wireshark. Plain Text is referred to a site whenever said site is serving up your passwords for all to see, with no encryption. A website should NEVER do this, but the general public has no way of telling if they do, so I always recommend using a password manager for most sites and using a different randomly generated password for every site. When I log into Wireshark, I get a bunch of TCP transactions. I know these are from Twitter, because I did a quick 'whois' lookup on the IP address (just stick the IP address in your search bar with Who Is... and it should tell you who it belongs to). Under the info column, I 'found a bunch of packets that start with '433'. 433 is associated with SSL over HTTP. Okay, we've found the log-in process... Next we can look for a packet that says "Application Data" in the info field. There's a section called Secure Sockets Layer in the middle window and if I max this area out, I should see an line of encrypted data. These packets are the unreadable SSL version of your username and password being transmitted to Twitter. Now for some plain text fun. I found a site that serves up your username and password in plain text. First, notice how it defaults to HTTP instead of HTTPS. Now, when we login, we get a bunch of HTTP packets flowing. One says Customer Account Login Post. Click on this one, scroll down to the bottom of the middle section, and notice how you can see my password. Let me know what you think. Send me a comment below or email us at tips@hak5.org. And be sure to check out our sister show, Hak5 for more great stuff just like this. I'll be there, reminding you to trust your technolust. -~-~~-~~~-~~-~- Please watch: "Bash Bunny Primer - Hak5 2225" https://www.youtube.com/watch?v=8j6hrjSrJaM -~-~~-~~~-~~-~-

Source: https://www.youtube.com/watch?v=C5NBCttzIMo
Uploader: Hak5
Addeddate
2019-07-08 23:22:33
Identifier
youtube-C5NBCttzIMo
Originalurl
https://www.youtube.com/watch?v=C5NBCttzIMo
Scanner
Internet Archive Python library 1.8.4
Year
2015

plus-circle Add Review
comment
Reviews

There are no reviews yet. Be the first one to write a review.

103 Views

1 Favorite

DOWNLOAD OPTIONS

download 1 file
ITEM TILE download
download 1 file
JPEG download
download 1 file
MPEG4 download
download 1 file
OGG VIDEO download
download 1 file
TORRENT download
download 25 Files
download 10 Original
SHOW ALL

IN COLLECTIONS

Hak5

Uploaded by narabot on

SIMILAR ITEMS (based on metadata)

Terms of Service (last updated 12/31/2014)